AWS Credentials

Using Tines to automate interaction with AWS services requires the use of an AWS credential. When a HTTP Request Action with an AWS mode credential runs, Tines will authorize the request AWS using the Signature Version 4 Signing Process and include the corresponding headers in the request.

Creating an AWS credential

Enter the following information in the AWS New Credential page:

  • Credential name: Your desired AWS credential name.
  • Access key: The access key from your AWS Security Credentials.
  • Access secret: The access secret from your AWS Security Credentials.
  • AWS Region: The AWS region in which your credential will be used, e.g.: eu-west-1
  • Service name: The service name for which the credential will be used, e.g.: dynamodb and iam

If you want to assume a role before performing the action, you can set values for the following fields.

  • Assumed Role ARN: The ARN of the role you wish to assume, e.g.: arn:aws:iam::123456789012:role/write-access-role
  • Assumed Role External ID: (Optional) The external ID to be used when making the request

Tines will request a session with the minimum duration (15 minutes).

Using an AWS credential with a HTTP Request Action

To use an AWS credential with a HTTP Request action, include the corresponding credential widget in the action’s Authorization header.

Sample AWS HTTP Request Actions

Scan a DynamoDB Table

{
  "url": "https://dynamodb.eu-west-1.amazonaws.com",
  "method": "post",
  "content_type": "json",
  "payload": {
    "TableName": "TestTable",
    "AttributesToGet": ["Id"]
  },
  "headers": {
    "Authorization": "{{ .CREDENTIAL.aws_dynamo_db }}",
    "X-Amz-Target": "DynamoDB_20120810.Scan"
  }
}

List Cloudtrails

{
  "url": "https://cloudtrail.us-east-1.amazonaws.com",
  "method": "get",
  "content_type": "form",
  "payload": {
    "Action": "DescribeTrails",
    "Version": "2013-11-01"
  },
  "headers": {
    "Authorization": "{{ .CREDENTIAL.aws_cloudtrail }}"
  }
}

List IAM Users

{
  "url": "https://iam.amazonaws.com",
  "content_type": "form",
  "method": "get",
  "payload": {
    "Action": "ListUsers",
    "Version": "2010-05-08"
  },
  "headers": {
    "Authorization": "{{ .CREDENTIAL.aws_iam }}"
  }
}